Fearmongering About Cyberwar And Cybersecurity Is Working: American Public Very, Very Afraid

from the for-no-clear-reason dept

Well, it looks like all the fearmongering about hackers shutting down electrical grids and making planes fall from the sky is working. No matter that there's no evidence of any actual risk, or that the only real issue is if anyone is stupid enough to actually connect such critical infrastructure to the internet (the proper response to which is: take it off the internet), fear is spreading. Of course, this is mostly due to the work of a neat combination of ex-politicians/now lobbyists working for defense contractors who stand to make a ton of money from the panic -- enabled by politicians who seem to have no shame in telling scary bedtime stories that have no basis in reality.

But it's all working. And, by working, I mean scaring the public unnecessarily. As reported by Wired, a new survey from Unisys finds that Americans are more worried about cybersecurity threats than terrorism, and they seem pretty worried about those threats. When asked about which security issues were the highest priority, survey respondents noted:

Protecting government computer systems against hackers and criminals (74 percent)

Of course, it's likely that the vast majority of the American public has absolutely no idea what the actual risk is of any of these things happening. But they are familiar with computers, and there's been a lot of talk about cybersecurity lately, so "ooooooh, scary!" Now, here's where the mainstream press could come in and point out the lack of evidence for any real or significant cybersecurity threat and help people realize that they might be best off focusing their attention elsewhere. But talking about planes falling from the sky is much more fun.

Blind leading the blind

I really wish that lobbyists/politicians would be made accountable for the dangerous scare tactics that they use to get crazy fucked up cyber security bills passed. Transparency is a must when dealing with such topics, so knowing what's 'in it for them' should be prevalent in early discussions.

Re:

"We're doomed. Most Americans believe this shit."

Just like they (and not just Americans!) believe that JFK's assassination and the Twin Towers were CIA plots... Princess Diana was a royal plot... and no doubt thanks to Newsweek's latest cover that the President is gay...

We've been in a state of fear since World War II, possibly longer than that. Nuclear weapons, communist ideology, ecological disaster, minorities, foreigners, terrorists, cyberterrorist, serial killers, bullies, UFOs, and the RIAA. Everything is out to get us. Run! Hide! Obey!

This is what I don't get about you Americans: Your constitution allows you to possess and carry guns (big, automatic ones), and you'll verbally abuse anyone that tries to point out that that might be a bad idea. Yet every time a new government manufactured boogie man shows up, you drop to your knees and beg for mercy.

Re: Re: They just don't know...

Re: Re:

"Just like they (and not just Americans!) believe that JFK's assassination and the Twin Towers were CIA plots... Princess Diana was a royal plot... and no doubt thanks to Newsweek's latest cover that the President is gay..."

Well, at least with the JFK assassination you can point to some pretty damning connections between certain back-funded CIA groups with plenty of reasons and gusto to kill a President. The others, I tend to agree are probably over the top. But JFK....

Re:

No, most people are not profoundly stupid. They are heavily propagandized. I think it's safe to say we are the most propagandized people in history, and by and large it speaks well of people that there is still a noticeable amount of free-thinking.

Y2K all over again

This reminds me of the whole Y2K scare more than anything else.

What I found curious was that even though nearly all industry professionals who weren't providing Y2K mitigation services agreed that the problem was insanely exaggerated, people were surprisingly reluctant to actually listen to the people who knew what they were talking about and trusted the charlatans and ignorant fear-mongers instead.

This would be a good time to re-read Ranum's best rant

Exercise for the reader: open up this essay in one tab, and read it. Then start going through the history of security and dataloss incidents (pick any source of them you like) and check off the mistakes that were made. I think you'll find that in every single case, at least one of the big six mistakes was made -- and it's not uncommon to find two or three of them in play. And of course the other smaller ones turn up frequently as well.

We don't need legislation. We don't need spying. We don't need the destruction of online privacy. We don't need the FBI, the NSA, or any other TLA. We need people to start paying attention, and to stop doing stupid things, like "plugging physical infrastructure controls into the Internet" or "failing to maintain an air gap between billing systems and power generation systems" or "leaving debug code/default passwords in place in production installs".

CISPA won't make people pay attention. Accountability, sometimes in the forms of "being shut down", "being fired", "being fined, with fines removed directly from corporate officers' bank accounts", will do that. And the legislation to provide that (well, most of it, that last one is wishful thinking on my part) is ALREADY IN PLACE and has been for years. It's just not being used effectively.

(An example of that last point - consider this case: Advertising company settles over alleged Facebook 'likejacking' scam. They were making $20M/year, and settled for $100K in court fees -- that's about two days' worth of revenue. And the Washington State AG signed off on this deal. I'll bet a dollar with anybody reading this that within three years the same people involved in this have dissolved the company, formed another one, moved somewhere else, and engaged in a similar scheme.)

Re:

1) The Constitution may allow us to carry big automatic guns, but that doesn't mean our governments do.

2) The gun scares are a good example of a government-manufactured boogie man (since areas with lenient gun laws have lower crime rates), so I feel like your criticism is a non sequitur. I suppose it is inconsistent on the part of Americans, but guns have been around longer and are easier to understand than computer networks.

Count me in

"more worried about cybersecurity threats than terrorism" - check.

I think I'm far more likely to come across a cybersecurity issue than terrorism, so I *should* be more worried about the former than the latter. I actively take steps to avoid "cybersecurity" problems (I firewall my home network from the Internet, check for intrusions on my machines, don't connect "important" machines (or data) to the Internet at all. What do I do to counter terrorism ? Nothing (well, I guess you could count getting groped by the TSA every now and then, but that's not through choice).

Of course the risks of any serious danger from *either* is very low, so I worry even more about crossing the road...

WTF? I thought this was...

The media causes too many of our own problems in cases like this, because fear sells and gets more viewers/readers.

There was one news story a few years ago about Flu Shots and the scares/shortages of them that graphed the demand for Flu Shots next to the amount of news coverage Flu Shots received.

In the graph there was a 4 week period where all the news media was hyping up the dangers of flu and why you HAD to get the flu shot, or else you might die or something! The demand for Flu Shots was off the charts during those 4 weeks, but before and after those 4 weeks it was only like 1/10th of that.

Re:

These surveys are BS. They give you 4 little boxes to choose from: disagree, disagree slightly, agree slightly, and strongly agree. The questions are so vague that of course people will say they agree to something they don't understand. They hear that someone hacks Sony, so they think, "Wow, that could happen again, and I have no way to protect myself against it." When I fill in surveys like this, half the time it depends on my mood that day or the way they worded the question (e.g. "In light of recent hacking of a Texas police department, you feel your national security is potentially at risk."). I just looked at the results, and the number of people that strongly agree/agree to these security threats has actually gone down this year compared to earlier years. I don't get why this is news.

I don't understand the problem everyone is having with the survey results. Those relative rankings make perfect sense to me. I'm at far greater risk of getting my identity stolen by hackers then I am at risk for dying in a terrorist attack. I think it's evidence that the public is realistically evaluating the danger of a terrorist attack, and putting that risk below other risks. This is evidence that terrorist fear mongering is not working if you ask me.

Also, I have no actual knowledge one way or the other, but I would be surprised if plenty of critical infrastructure was not connected to the internet. The benefits of remote access (remote testing and maintenance for example) are so large that it outweighs the risk. Obviously, it would require proper security precautions, but disconnection from the internet shouldn't be necessary.

Re:

I think the evidence bears this out. Right now, we are third-rate in terms of physical infrastructure (roads, bridges, etc.), informational & communication infrastructure (telephone, internet, etc.), infant mortality, health-care outcomes, and a ton of other measurements along those sorts of lines. And yet, if you ask random citizens on the street, they'll usually think that we're the best, or at least #2, in all of those areas. I've heard people actually say "yeah, this sucks here, but it's even worse everywhere else."

Re: Re: Re: They just don't know...

the US may be bit 'slow' and quite easily led but not yet heard of anyone being beaten up by a survey. if this is the only way to convince people this law is needed, it shows how desperate those that want it are, how unnecessary it actually is and what good it will really do for citizens, ie, none!

Not surprising. I had a user that had a misbehaving IE browser that would open the same link 10+ times into different tabs.

She ran over to my cube short of breathe exclaiming that someone was stealing her identity.

Not stupid, the things she does in excel is nothing short of inspired. She's in her late 20s. Uses computers daily... she and so many other users just consider the parts of computers they don't use or understand fully as magic.

Re: Y2K all over again

I'm a programmer by profession. I always told people the fears were insanely exaggerated. Even if it doesn't know the date (most don't anyway) your microwave will continue to cook your food. And as I'm now working with airplane simulators I can assure you that even if your GPS goes wonky (it won't), airplanes won't fall out of the sky because there are multiple backup systems including radios (which don't care what time it is), standby instruments (which have no electronics) and the good ol' Mark 1 Eyeball. The "fall out of the sky" fear assumes that computers are in charge of the airplane and cannot be overridden. Nonsense and balderdash.

Re: Re:

Yep, was going to make this same point. Lots of people still get their daily news from *gasp* television and even *boggle* newspapers, and both of those media are pretty much toeing the line on cyber-scare tactics: "Could your kids' texting habits shut down the Power Company? Stay tuned to Fox News at 11 to find out!"

Re: Re:

Re:

+1
More likely there will be some real bad times coming up.And yes the majority of Americans are as dumb as fuck and they are completely mindless to what they are allowing both as the Public and as stupid sold out Politicians.
You have to be pretty damn stupid to actually take Money just to pass Laws that take away everyone including your own families Rights away.

No Confidence

Of course, we are afraid of cyber threats to government networks...they have no clue how to secure them correctly. We have evidence that the government can't protect networks from basic script kiddie attacks. We should be scared. Our government is inept.

Statistics!

Okay, I have to confess that I actually read TFA -- both the Wired article and the actual survey results. As far as I can tell, this is an example of Wired making dubious conclusions from a somewhat dubious survey issued from a somewhat dubious source.

Several points to consider:

1. The survey was released by a branch of Unisys that sells security technology to the government and major corporations. Ad hominem isn't enough to disqualify their results on its own, but Unisys releasing a report that says cyber-security isn't important would be like the cigarette industries releasing a report that says tobacco is carcinogenic.

2. The survey is based on data collected from 1,005 phone surveys. For reference, that's about 0.0003% of the US population. Assuming that the surveys were conducted on a truly representative sample of the populace (which I doubt), that's still such a low number that a lot of their results are likely to be pure noise.

3. The Wired report in question was referring to a single, supplemental question attached to the larger survey. The question asked what priorities our government should set; the report listed the top 5 responses. It did not list all the possible responses, nor does it show respondents' relative rankings, nor does it provide a detailed breakdown of how people responded. This is not, in itself, indicative of bias -- but it does mask any bias that would be there. Suppose you gave a survey asking people which they'd prefer as a pet: a cat, or a rabid wolverine. If 99% vote cat, that doesn't mean that 99% of the population likes cats; it means that 99% of the population ranks cats higher than they rank rabid wolverines. Unfortunately, if you publish your results without including the wolverine question, this is not particularly obvious to people reviewing your results.

4. What's particularly odd about the responses cited by Wired is that they don't seem to match up particularly well with the rest of the survey data. According to a previous question on the survey, 19% of the respondents are 'not concerned' about national security at all. A later question then claims that 73% of the respondents think we need to protect our power grids against terrorists. It seems a reasonable assumption that the people who fear terrorists in the power grids are at least 'somewhat concerned' about national security, so that means that the 73% who prioritize infrastructure security come from the 81% who are at least a little bit concerned about national security. By this, we can conclude that over 90% of people who are even 'somewhat concerned' about national security think the government should prioritize securing the infrastructure. To me, this number seems outrageously high; I challenge anyone to get 90% agreement on any meaningful political issue. I'd suspect that either they didn't pick a representative sample of the populace, or they're lying with statistics.

Anyway, I think it's safe to say that the numbers contained in the actual survey are bunk. The fact that Wired is providing sensationalist coverage of what's essentially a meaningless non-issue is....pretty much just what Wired always does.

Re:

When you work in the IT field

When you work in the IT field you tend to see how ignorant people really are towards computers.
It doesn't strike me unusual at all that people are freaking out about nothing. It seems most people can't tell the difference between Windows and Office or disk space and memory. All you need to do is make up a situation where there could be a problem that threatens them, mix in a few PC terms and bam, instant fear.
It's kind of like PC Madlibs.
Did you know RAM Terrorists were trying to CPU your Microsoft? Unless we pass an Apple bill, they'll internet ALL of our ethernets.

Re: Re:

Re: Survey

I really am taking a lot with a grain of salt. Today I read a headline about a soldier who was beaten down by gang members all caught on govt. sponsored surveillance. It seems too perfectly convenient for a miliatized police state which wants our reinvenstment to protect them from getting ganged by violent civilians. I've seen more propaganda in the last 2 weeks than I have since late 2006-2007. It's a wierd time between NATO and the G8. You are seeing all the Banana's coming out of the Republic today.

Every time I see a poll, I have to laugh because they say things like "74% of Americans..." even though they only polled several hundred people (out of over 350 million). Polls are untrustworthy; they're easy to skew.

Bona-fide threats

Why does anyone think the governments have to prove there is evidence of any kind of threat to the public in order to up security measures for systems linked to cyberspace? In so much as they don't create a world-wide panic, seems to be a bona-fide no-brainer good enough reason, doesn't it. And, isn't it enough that they should admit that there are threats? Top level security experts get paid the big bucks for not revealing such threats and causing panic, unlike fearmongering news services and blogs.

Identity theft and viruses and the like may be real threats, but we have ways of protecting ourselves from those things. It's overbearing governments and corporations that I truly fear when it comes to the Internet.

The last time we said terrorism couldn't happen in the USA

It did. +terrorism training to U.S. government employees about the realities now faced at military facilities by civilian and military personnel alike. Of course, it would never happen to you or to me. My brake line was cut that week, which I discovered driving my Father-in-Law and trying to stop at a traffic light. An abandoned van outside the military facility turned out to house explosives. The van was visible by all coming and going from the place and was a test to check the military's procedures and response time. My city had shut down 3 post offices due to anthrax within the same 12 month period in 2002. All gov employees posted to NORAD area were called into the mountain when civilian areas were discovered to be threatened. My friend's Dad worked there and had to say goodbye to his family on short notice until the threat was neutralized for 2 weeks straight.
Of course, all of this is sensationalism.

Terrorism is real, but the government is exploiting it to control people. Don't think it's not real though.